Making Spammers Pay - Is It Workable?
from the this-again? dept
Proposals to add some sort of charge to every email have come up in the past, and are usually quickly shouted down as unfeasible or unworkable. However, as spam becomes worse and worse a problem, people are beginning to revisit these ideas. Declan McCullough is pointing out that spam is really a pollution problem. That is, it's a negative externality. As you'll recall from your economics classes, negative externalities are what happens when the bad results are not priced back to those producing them, passing the costs onto society. These are considered market failures, since the incentives don't work properly. Generally, the way to deal with negative externalities like pollution is to have the government come in and place charges on them - thus putting the cost back on the entity creating the pollution. McCullough talks through a few ideas for how spammers could be charged - one of which would involve paying by processor time instead of money. The Financial Times ran a similar article last week with its own proposal for charging for spam. In the past, I've been against this idea, but I'm starting to reconsider my opinion. If the system could be designed well (a big if) - it might make sense. The trick is setting it up in a way that really doesn't bother regular users at all, but is a pain for spammers. Of course, knowing how spammers work, I'm sure they'd just figure out a way to masquerade themselves as regular users - or move further into using trojan horse programs to make innocent victims pay for their spam instead.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
No Subject Given
That is, the well-functioning use of email between non-spammers doesn't generate spam. Law-abiding users don't create this problem.
The problem is more akin to speeding, where the behavior of one person affects many, and the "damage" caused to those affected varies greatly. Speeding isn't caused by law-abiding drivers driving safely, so again, it is not a negative externality. Speeding is a behavior, made possible by the existence of roads and vehicles that lack the ability to prevent such behavior. It has rewards and costs. We use governmental agencies, a penalty system, and the private insurance industry to reduce the incidence of speeding (though road conditions are often a greater limiting factor).
Were any ISP to start charging its users for receiving email, they would create a system by which the behavior of a spammer imposes a real cost on a user. That opens enough of an opportunity for a hoarde of lawyers to start seeking damages.
It takes a price to make a market, and this is no exception
[ link to this | view in chronology ]
Making the spammer pay ...
The way to make spammers pay is certainly not to design complex micro-payment systems or other far-too-clever way they'll just sidestep as they sidestepped filters.
Any system that requires spammers's voluntary or willful participation is doomed to fail.
As I see it, the best way would be to create costs immediately while they are in the process of sending the spam or in the hours that follow a spam without asking them anything (least important on my list being their permission to do so).
As I see it, this would be a distributed response system (maybe P2P, maybe centralized) looking for fresh spams arriving in decoy accounts. As soon as a spam in progress rings more than a few decoy account's bells, the mail is analyzed (with a tool similar to the one developped by SpamCop) and in no time, the software for all connected users start :
- Innundating the spam source IP (most spammers use at best a DSL line that's easy to flood to the point it can't send anything to anyone) with "pings" or anything else
- overloading the spamvertised website with so many requests that bandwidth costs make the spammer pay a hefty price for sending his spam (think of it as forced micro-payment)
- sending a vast amount of forms filled with bogus data (the spammer will have to sort out thru millions of bogus replies to find the "real" customer for his faked-Herbal-Viagra (or whatever) in just the same way he forces us to sort out the spam to read our regular messages)
- In case an "open Rely" is (ab)used by the spammer, send equally vast amount of traffic to it, both for the bandwidth cost and to overwhelm it and slow spam transmission to a crawl. If they have "regular" users, their access will be slowed too, but since the administrator did not take the time to properly configure it, he will probably not care too much (unless the spammer *is* the regular user ;-)
Looks like a DDOS attack ? In a way, it technically seems similar but it would also be very different, since each participant would be fully aware of what the software does (opposed to "zombies" used by fraudulent DDOS attacks) and the amount of activity (and thus cost for the spammer) delivered by each participant would be metered and limited.
Peoples are so sick and tired with spam that such a system would be immensely popular. With so many net users immediately reacting, any spam attempt would be burried before it even have a chance to see the light (and pollute our boxes). If it reaches a point where punishment is nearly garanteed, I'm certain spam would go away and web hosts would be less willing to turn a blind eye when asked to host the next "superemailbargains.biz" website.
Might the spammers retaliate ? Bet they will ! but there are so many more of "Us" (unwilling spam recipients) than there is of "Them" (spammers) that in most cases they just can't fight it. The few who could (such as "Exodus.net" or "QWest.net") might think twice since doing so would expose their dirty little secrets and their regular corporate customers might not like what they would learn in the aftermaths of such a battle ...
http://www.spamhaus.org/sbl/listings.lasso?isp=exodus.net
http://www.spamhaus.org/sbl/listings.las so?isp=qwest.net
Looks not properly aligned with Netiquette rules ? a bit rude ? It certainly is, but so are spammers. Asking politely and complaining was good to educate most Internet actors, but for the few who rogue and greedy ones who remain in this monkey "business", only a brute force attack using the same principles that they successfully use against us would do.
These tactics have already been successfully used to curb mobile phone spam in China.
http://news.com.com/2100-1039-993861.html
We're not China, but they found an effective way to deal with the problem, we should seriously consider it ...
Hit them where it hurts (make them pay) & see them fly away ...
[ link to this | view in chronology ]